Security Plan for Schools Joe DiFonzo, Senior Network and Engineering Manager, MECnet Learn about the OCTAVE method. Using a three-phase approach, OCTAVE examines organizational and technology issues to assemble a comprehensive picture of the information security needs of an enterprise. The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from Carnegie Mellon University define the essential components of a comprehensive, systematic, context-driven information security risk evaluation. By following the OCTAVE method, an organization can make information-protection decisions, based on risks to the confidential and the availability of critical information technology assets. The operational or business units and the IT department work together to address the information security needs of the enterprise. Administration, Network Managers Tech Strand Email: jdifonzo@mecnet.net Handout Conference Home